Privacy Policy

Last updated: 25 March 2026

1. Introduction

DINEIN Rwanda ("we", "our", "us") operates the DINEIN mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service.

By accessing or using DINEIN, you agree to this Privacy Policy. If you do not agree, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account and Contact Information: When you contact us or access venue or admin tools, we may collect your name, email address, and phone number.
  • Authentication Information: Venue and admin phone numbers are used for WhatsApp OTP login, account verification, and access recovery.
  • Order Information: Details of your dine-in orders, including items selected, venue, table number, and order preferences.
  • Venue Owner Information: If you register as a venue owner, we collect your business name, contact details, venue profile data, and menu data.
  • Venue Uploads: Venue users may upload menu photos, PDF documents, and related files, or capture menu images during onboarding for storage and menu extraction/OCR.
  • BioPay Profile Information: If you enroll in BioPay, we collect your display name, your Rwanda MoMo USSD payment string, your BioPay ID, and related profile-management data such as your management-code hint.
  • Communications: When you contact us, we retain the content of your messages.

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, app version, network state, and device or other identifiers used for service operation and diagnostics, including notification delivery tokens for venue operational alerts and BioPay client-install identifiers used for abuse prevention and rate limiting.
  • Usage and Diagnostic Data: Pages visited, features used, time spent, tap interactions, crash logs, and diagnostics, including data collected by Firebase Crashlytics in release builds.
  • Security and Abuse-Prevention Records: For BioPay, we may retain device labels, IP-derived hashes, abuse reports, and audit records associated with enrollment, matching, profile updates, re-enrollment, and deletion requests.
  • Cookies & Similar Technologies: We use essential cookies for session management. We do not use advertising or tracking cookies.

2.3 Permissions and Sensitive Features

  • Location: DINEIN requests location only to help guests connect to venue Wi-Fi on the device. We do not use this permission for advertising or venue discovery, and we do not transmit precise device location off the device for this feature.
  • Camera and File Access: Venue users may choose to capture menu photos with the device camera or upload photos and PDFs for onboarding and OCR/menu setup. Temporary local files are deleted after upload.
  • BioPay Camera and Face Matching: If you use BioPay, DINEIN requests camera access so the app can capture your face in-app for enrollment and payment matching. Raw face captures are processed transiently on your device to create a face embedding. Temporary capture files are deleted after processing. DINEIN stores the resulting face embedding, not the raw photo.
  • Notifications: Venue staff devices may request notification permission so DINEIN can deliver operational alerts such as new-order and table-service notifications.
  • We do not process or store payment card details. All payments are handled outside the app (cash or MoMo USSD).
  • Restricted Permissions: DINEIN explicitly strips and does not use the following Android permissions: RECORD_AUDIO, READ_EXTERNAL_STORAGE, and WRITE_EXTERNAL_STORAGE.

3. How We Use Your Information

We use your information to:

  • Provide and maintain the DINEIN Service.
  • Process and fulfil your dine-in orders.
  • Authenticate venue and admin access through WhatsApp OTP.
  • Store and process venue-uploaded menu files for onboarding and OCR/menu extraction.
  • Create, match, manage, suspend, and delete Rwanda BioPay profiles.
  • Send venue operational alerts such as new-order and table-service push notifications.
  • Communicate with you about your orders, account, and support requests.
  • Improve our Service through aggregated analytics, crash reporting, and diagnostics.
  • Prevent duplicate enrollment, fraud, abuse, and enforce rate limits for matching requests.
  • Ensure security and prevent fraud.
  • Comply with legal obligations.

4. Data Sharing

We do not sell your personal data. We may share information with:

  • Venue Partners: Your order details are shared with the restaurant where you place a dine-in order, so they can prepare and serve your food.
  • Service Providers: Trusted providers that help us operate our Service, including hosting and storage providers, BioPay infrastructure and security providers, WhatsApp/Meta for OTP delivery, and Firebase services for crash reporting, diagnostics, and operational push notification delivery. These providers are contractually bound to protect your data.
  • Legal Requirements: When required by law, court order, or to protect our rights and safety.

5. Data Retention

We retain your personal data only for as long as necessary to provide our Service and fulfil the purposes described in this policy. Order history is retained for 12 months. If you create a BioPay profile, active BioPay profile data remains until you delete the profile or we must suspend or remove it for security or legal reasons. Security, audit, and abuse-prevention records may be retained longer where reasonably necessary. You may request deletion of your account and associated data at any time.

6. Your Rights

Under applicable Rwandan data protection law, you have the right to:

  • Access your personal data.
  • Rectify inaccurate or incomplete data.
  • Erase your personal data.
  • Restrict or object to processing.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time, where processing is based on consent.

To exercise these rights, contact us at info@ikanisa.com. BioPay users can also delete their BioPay profile from within the app.

7. Data Security

We implement industry-standard security measures, including encryption in transit (TLS), secure database access controls, hashed BioPay management codes, device-secure local storage for same-device BioPay owner tokens where supported, and regular security audits. However, no system is 100% secure, and we cannot guarantee absolute security.

8. Children's Privacy

DINEIN is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have collected information from a child, please contact us immediately.

9. International Transfers

Your data may be processed on servers located outside Rwanda. Any transfers are protected by appropriate safeguards in compliance with applicable data protection regulations.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your personal data, please contact:

DINEIN Rwanda
Email: info@ikanisa.com
Website: dineinrw.ikanisa.com